horde -- "url" disclosure of sensitive information vulnerability

Details

VuXML ID: c7c09579-b466-11da-82d0-0050bf27ba24
Discovery: 2006-03-15
Entry: 2006-03-15

Secunia advisory SA19246:

Paul Craig has discovered a vulnerability in Horde, which
can be exploited by malicious people to disclose sensitive
information.

Input passed to the "url" parameter in "services/go.php"
isn't properly verified before it is used in a
"readfile()" call. This can be exploited to disclose the
content of arbitrary files via e.g. the "php://" protocol
wrapper.

The vulnerability has been confirmed in version 3.0.9 and
has also been reported in prior versions.
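
The class of fix for this kind of flaw, shown as an added example that is not Horde's code or its actual patch: validate the "url" value against an http/https allowlist and never hand it to a stream function such as readfile(). It assumes the endpoint only needs to forward the browser to an external web link; the function names and sample inputs are hypothetical.

```php
<?php
// Added illustration; not Horde's code. Function names are hypothetical.

/**
 * Return the URL if it is an absolute http(s) URL with a host, else null.
 * Stream-wrapper schemes such as php:// and bare file paths are rejected.
 */
function safe_redirect_target(string $url): ?string
{
    // Control characters would allow header splitting in a Location header.
    if ($url === '' || preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

/**
 * Decide the response for a go.php-style request. The value is only ever
 * echoed back in a Location header; it is never opened as a stream.
 */
function build_response(array $query): array
{
    $raw = $query['url'] ?? '';
    $target = is_string($raw) ? safe_redirect_target($raw) : null;
    if ($target === null) {
        return ['status' => 400, 'headers' => []];
    }
    return ['status' => 302, 'headers' => ['Location: ' . $target]];
}

// Constructed sample inputs: one legitimate link and three that must fail.
$samples = [
    'https://www.example.org/page?id=1',
    'php://stdin',
    '../config/conf.php',
    "http://example.org/\r\nX-Injected: 1",
];
foreach ($samples as $s) {
    $r = build_response(['url' => $s]);
    printf("%-45s -> %d\n", json_encode($s), $r['status']);
}
```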